I am trying to implement a NAT/PAT (Port Address Translation) firewall rule for the RB FTP server. I know I can change the service address but I want to keep it at 21 internally and use a PAT port from the public interface.
I have it working if I disable the firewall ‘drop’ filtering rules but can figure out the right rule to allow this connection. Any suggestions are appreciated:
/ip firewall filter
add action=accept chain=input comment=“default configuration” connection-state=established disabled=no in-interface=ether1-gateway
add action=accept chain=input comment=“default configuration” connection-state=related disabled=no in-interface=ether1-gateway
add action=drop chain=input comment=“default configuration” disabled=yes in-interface=ether1-gateway
/ip firewall nat
add action=dst-nat chain=dstnat comment=“” disabled=no dst-port=2021 in-interface=ether1-gateway protocol=tcp to-ports=21
add action=masquerade chain=srcnat comment=“default configuration” disabled=no out-interface=ether1-gateway
Thanks in advance.